<!DOCTYPE html>


<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>Welcome to OpenPACE’s documentation! &#8212; OpenPACE 1.0.3 documentation</title>
    
    <link rel="stylesheet" href="_static/basic.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    <link rel="stylesheet" href="_static/breathe.css" type="text/css" />
    <link rel="stylesheet" href="_static/bootswatch-3.3.6/flatly/bootstrap.min.css" type="text/css" />
    <link rel="stylesheet" href="_static/bootstrap-sphinx.css" type="text/css" />
    
    <script type="text/javascript">
      var DOCUMENTATION_OPTIONS = {
        URL_ROOT:    './',
        VERSION:     '1.0.3',
        COLLAPSE_INDEX: false,
        FILE_SUFFIX: '.html',
        HAS_SOURCE:  true,
        SOURCELINK_SUFFIX: '.txt'
      };
    </script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/underscore.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>
    <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.0/MathJax.js?config=TeX-AMS-MML_HTMLorMML"></script>
    <script type="text/javascript" src="_static/js/jquery-1.11.0.min.js"></script>
    <script type="text/javascript" src="_static/js/jquery-fix.js"></script>
    <script type="text/javascript" src="_static/bootstrap-3.3.6/js/bootstrap.min.js"></script>
    <script type="text/javascript" src="_static/bootstrap-sphinx.js"></script>
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="Download OpenPACE" href="install.html" />
<meta charset='utf-8'>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta name='viewport' content='width=device-width, initial-scale=1.0, maximum-scale=1'>
<meta name="apple-mobile-web-app-capable" content="yes">

  </head>
  <body role="document">
  

<div class="container">
  <div class="row">
    <div class="col-md-12 content">
      
  <div class="section" id="welcome-to-openpace-s-documentation">
<h1>Welcome to OpenPACE&#8217;s documentation!<a class="headerlink" href="#welcome-to-openpace-s-documentation" title="Permalink to this headline">¶</a></h1>
<div class="sidebar">
<p class="first sidebar-title">Summary</p>
<p>Cryptographic library for EAC version 2</p>
<table class="last docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name">Authors:</th><td class="field-body"><ul class="first simple">
<li><a class="reference external" href="mailto:frankmorgner&#37;&#52;&#48;gmail&#46;com">Frank Morgner</a></li>
<li><a class="reference external" href="mailto:oepen&#37;&#52;&#48;informatik&#46;hu-berlin&#46;de">Dominik Oepen</a></li>
</ul>
</td>
</tr>
<tr class="field-even field"><th class="field-name">License:</th><td class="field-body"><p class="first">GPL version 3</p>
</td>
</tr>
<tr class="field-odd field"><th class="field-name" colspan="2">Tested Platforms:</th></tr>
<tr class="field-odd field"><td>&#160;</td><td class="field-body"><ul class="first last simple">
<li>Windows</li>
<li>Linux (Debian, Ubuntu, SUSE, OpenMoko)</li>
<li>FreeBSD</li>
<li>Mac OS</li>
<li>Solaris</li>
<li>Android</li>
<li>JavaScript</li>
</ul>
</td>
</tr>
</tbody>
</table>
</div>
<p>OpenPACE implements Extended Access Control (EAC) version 2 as specified in
<a class="reference external" href="https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html">BSI TR-03110</a> <a class="footnote-reference" href="#id1" id="id2">[1]</a>. OpenPACE supports the following protocols:</p>
<table class="docutils field-list" frame="void" rules="none">
<col class="field-name" />
<col class="field-body" />
<tbody valign="top">
<tr class="field-odd field"><th class="field-name" colspan="2">Password Authenticated Connection Establishment (PACE):</th></tr>
<tr class="field-odd field"><td>&#160;</td><td class="field-body">Establish a secure channel with a strong key between two parties that only
share a weak secret.</td>
</tr>
<tr class="field-even field"><th class="field-name" colspan="2">Terminal Authentication (TA):</th></tr>
<tr class="field-even field"><td>&#160;</td><td class="field-body">Verify/prove the terminal&#8217;s certificate (or rather certificate chain) and
secret key.</td>
</tr>
<tr class="field-odd field"><th class="field-name" colspan="2">Chip Authentication (CA):</th></tr>
<tr class="field-odd field"><td>&#160;</td><td class="field-body">Establish a secure channel based on the chip&#8217;s static key pair proving its
authenticy.</td>
</tr>
</tbody>
</table>
<p>Furthermore, OpenPACE supports Card Verifiable Certificates (CV
Certificates) and signing requests, as well as easy-to-use wrappers for using
the established secure channels.</p>
<p>The handlers for looking up trust anchors during <abbr title="Terminal Authentication">TA</abbr> and <abbr title="Chip Authentication">CA</abbr> (i.e. the <abbr title="Country Verifying Certificate Authority">CVCA</abbr>
and the <abbr title="Country Signing Certificate Authority">CSCA</abbr> certificates) can be customized. By default, the appropriate
certificates will be looked up in the file system.</p>
<p>OpenPACE supports all variants of <abbr title="Password Authenticated Connection Establishment">PACE</abbr> (DH/ECDH, GM/IM), <abbr title="Terminal Authentication">TA</abbr>
(RSASSA-PKCS1-v1_5/RSASSA-PSS/ECDSA), <abbr title="Chip Authentication">CA</abbr> (DH/ECDH) and all standardized
domain parameters (GFP/ECP).</p>
<p>OpenPACE is implemented as a C library and comes with native language wrappers
for:</p>
<ul class="simple">
<li>Python</li>
<li>Ruby</li>
<li>JavaScript</li>
<li>Java</li>
<li>Go</li>
</ul>
<a class="reference external image-reference" href="https://travis-ci.org/frankmorgner/openpace"><img alt="Travis CI Build Status Image" src="https://img.shields.io/travis/frankmorgner/openpace/master.svg?label=Travis%20CI%20build" /></a>
<a class="reference external image-reference" href="https://ci.appveyor.com/project/frankmorgner/openpace"><img alt="AppVeyor CI Build Status Image" src="https://img.shields.io/appveyor/ci/frankmorgner/openpace/master.svg?label=AppVeyor%20build" /></a>
<a class="reference external image-reference" href="https://scan.coverity.com/projects/1789"><img alt="Coverity Scan Status" src="https://img.shields.io/coverity/scan/1789.svg?label=Coverity%20scan" /></a>
<a class="reference external image-reference" href="https://codecov.io/gh/frankmorgner/openpace/branch/master"><img alt="Codecov Status" src="https://img.shields.io/codecov/c/github/frankmorgner/openpace/master.svg" /></a>
<div class="admonition note">
<p class="first admonition-title">Note</p>
<p class="last">OpenPACE only implements the cryptographic protocols of the <abbr title="Extended Access Control">EAC</abbr>. If you
actually want to exchange data with a smart card, you need to take care of
formatting and sending the data in the form of APDUs. If this is what
you&#8217;re trying to do, you should have a look at the <strong class="command">npa-tool</strong> of
the <a class="reference external" href="https://frankmorgner.github.io/vsmartcard/">nPA Smart Card Library</a> <a class="footnote-reference" href="#id3" id="id4">[2]</a>.</p>
</div>
<div class="section" id="further-reading">
<h2>Further Reading<a class="headerlink" href="#further-reading" title="Permalink to this headline">¶</a></h2>
<div class="toctree-wrapper compound">
<ul>
<li class="toctree-l1"><a class="reference internal" href="install.html">Download OpenPACE</a></li>
<li class="toctree-l1"><a class="reference internal" href="install.html#compiling-and-installing-openpace">Compiling and Installing OpenPACE</a><ul>
<li class="toctree-l2"><a class="reference internal" href="install.html#setting-up-a-development-environment-using-vagrant">Setting up a development environment using Vagrant</a></li>
<li class="toctree-l2"><a class="reference internal" href="install.html#compiling-on-linux-unix-and-similar">Compiling on Linux, Unix and similar</a></li>
<li class="toctree-l2"><a class="reference internal" href="install.html#compiling-for-windows">Compiling for Windows</a><ul>
<li class="toctree-l3"><a class="reference internal" href="install.html#cross-compiling-for-windows-on-linux">Cross-Compiling for Windows on Linux</a></li>
<li class="toctree-l3"><a class="reference internal" href="install.html#compiling-with-visual-studio">Compiling with Visual Studio</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="install.html#compiling-for-android">Compiling for Android</a></li>
<li class="toctree-l2"><a class="reference internal" href="install.html#compiling-for-javascript">Compiling for Javascript</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="usage.html">Usage of OpenPACE</a><ul>
<li class="toctree-l2"><a class="reference internal" href="usage.html#using-libeac">Using <code class="docutils literal"><span class="pre">libeac</span></code></a><ul>
<li class="toctree-l3"><a class="reference internal" href="programming.html">Programming with OpenPACE</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="usage.html#using-cvc-create-to-create-the-eac-pki">Using <code class="docutils literal"><span class="pre">cvc-create</span></code> to Create the EAC PKI</a></li>
<li class="toctree-l2"><a class="reference internal" href="usage.html#using-cvc-print">Using <code class="docutils literal"><span class="pre">cvc-print</span></code></a></li>
<li class="toctree-l2"><a class="reference internal" href="usage.html#creating-the-document-pki-and-ef-cardaccess-ef-cardsecurity">Creating the Document PKI and EF.CardAccess/EF.CardSecurity</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="protocols.html">Extended Access Control Specification</a><ul>
<li class="toctree-l2"><a class="reference internal" href="protocols.html#password-authenticated-connection-establishment">Password Authenticated Connection Establishment</a><ul>
<li class="toctree-l3"><a class="reference internal" href="protocols.html#protocol-specification">Protocol Specification</a></li>
<li class="toctree-l3"><a class="reference internal" href="protocols.html#ecdh-mapping">ECDH Mapping</a></li>
<li class="toctree-l3"><a class="reference internal" href="protocols.html#dh-mapping">DH Mapping</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="protocols.html#terminal-authentication">Terminal Authentication</a><ul>
<li class="toctree-l3"><a class="reference internal" href="protocols.html#id3">Protocol Specification</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="protocols.html#chip-authentication">Chip Authentication</a><ul>
<li class="toctree-l3"><a class="reference internal" href="protocols.html#id4">Protocol Specification</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<div class="section" id="where-to-get-help">
<h2>Where to get help<a class="headerlink" href="#where-to-get-help" title="Permalink to this headline">¶</a></h2>
<p>Do you have questions, suggestions or contributions? Feedback of any kind is
more than welcome! You can contact us through our <a class="reference external" href="https://github.com/frankmorgner/openpace/">GitHub</a> <a class="reference external" href="https://github.com/d0/openpace/">repositories</a> or the <a class="reference external" href="https://github.com/frankmorgner/openpace/issues">project trackers</a>.</p>
<table class="docutils footnote" frame="void" id="id1" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#id2">[1]</a></td><td><a class="reference external" href="https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html">https://www.bsi.bund.de/EN/Publications/TechnicalGuidelines/TR03110/BSITR03110.html</a></td></tr>
</tbody>
</table>
<table class="docutils footnote" frame="void" id="id3" rules="none">
<colgroup><col class="label" /><col /></colgroup>
<tbody valign="top">
<tr><td class="label"><a class="fn-backref" href="#id4">[2]</a></td><td><a class="reference external" href="https://frankmorgner.github.io/vsmartcard/">https://frankmorgner.github.io/vsmartcard/</a></td></tr>
</tbody>
</table>
</div>
</div>


    </div>
      
  </div>
</div>
<footer class="footer">
  <div class="container">
    <p>
        &copy; Copyright 2012-2018 by Frank Morgner and Dominik Oepen.<br/>
    </p>
  </div>
</footer>
  </body>
</html>